b

    B Cerkezi

    2 weeks ago
    Hey team - very basic question, when making a request and sending the Principal object, why is an empty/null
    Principal.Roles
    not allowed? Is the idea that we should make the decision in code to reject the request without sending it to cerbos?
    Charith (Cerbos)

    Charith (Cerbos)

    2 weeks ago
    Hi. Policy rules require at least one role to be known. That's because access rules are not usually written for individual users but for a group of users (as an indirection). So that's why
    principal.roles
    is mandatory. If you don't have any, you can make up something instead.
    Emre (Cerbos)

    Emre (Cerbos)

    2 weeks ago
    Hi @B Cerkezi, What is your use case? Anything else we can help with?